A Multi-User Collaborative Access Control Scheme for Cloud Storage
Published: 2018-03-12 20:23
Topic: cloud storage. Entry point: access control. Source: Journal on Communications (《通信學報》), 2016, No. 01. Paper type: journal article
[Abstract]: CP-ABE is regarded as one of the most suitable data access control methods for cloud storage, but it only suits cases where users separately read, or separately modify, different data. When CP-ABE is applied directly to multi-user collaborative data access, problems arise such as unordered modifications and large numbers of redundant ciphertext files. When multiple users collaboratively access cloud data, legitimate users should be controlled so that they modify the same ciphertext file in an orderly manner, with confidentiality and collusion resistance guaranteed, while the cloud keeps as few copies of the ciphertext file as possible. Targeting files and logical blocks of files, two multi-user collaborative access control schemes, MCA-F and MCA-B, are proposed. MCA-F meets access control requirements in which a single data file is the minimum control granularity. The scheme adopts a hierarchical encryption structure, and the cloud server takes on part of the decryption computation to reduce the user's decryption cost; for access control when multiple users write data simultaneously, a method for managing the temporary data submitted by multiple users is proposed. MCA-B is used for access control in which a logical block of a file is the minimum control granularity. The scheme designs a logical blocking mechanism for files and an index-matrix-based representation, and proposes a sub-data mask representation to describe the write permissions of multiple users on different logical blocks of the same file. MCA-B supports dynamic changes to the user set and to the logical block structure of files, and neither the data owner nor the modifiers need to remain online. Compared with existing schemes, the proposed schemes not only provide access control for multi-user collaborative writing under cloud storage, but also require comparatively little client-side storage and encryption/decryption computation for read access control.
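[Author affiliations]: School of Computer, Wuhan University; School of Information Science and Technology, Jiujiang University; School of Information and Communication, Guilin University of Electronic Technology
[Funding]: National Natural Science Foundation of China (No. 61373040, No. 61572370); Doctoral Program Foundation of the Ministry of Education (No. 20120141110073)
[Classification number]: TP393.08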
Article link: http://sikaile.net/guanlilunwen/ydhl/1603145.html